Amazon’s Invasion of the CIA Is a Seismic Shift in Cloud Computing

The rumors are true. Amazon is providing cloud services to the CIA. But what’s most intriguing about the multi-million-dollar deal is not what Amazon is doing, but how the company is doing it — and what that means for the future of that thing called cloud computing.

Word of the deal broke in mid-March by way of a publication called FCW, which reported that the king of cloud computing had inked a contract with the Central Intelligence Agency to provide cloud services over the next decade. Amazon finally confirmed the deal, if not the price tag, last week after rival IBM filed a formal protest over the pact.

The deal was big news across the web. Amazon, pundits said, had stepped up its effort to challenge old-school giants like IBM in an area the old guard had long dominated: federal contracting. The chorus of voices swelled Friday when the General Accounting Office responded to IBM’s protest with a ruling that said the CIA chose Amazon over Big Blue due to a “superior technical solution.” But Amazon’s CIA contract is important for far bigger reasons, and marks a much bigger shift than most people realize.

You see, the GAO ruling on the matter reveals that the contract involves Amazon building cloud services inside CIA data centers. “The contractor generally was to provide a copy of its existing public cloud (modified where necessary) to be installed on government premises,” the GAO ruling explains. That may seem like a small thing, but in the world of cloud computing, it’s a seismic event.

For years, cloud computing has been defined by a sharp contrast in philosophy. New-age companies like Amazon and Google said computing power should be offered over the internet, much like electricity is offered over the grid. This, they said, was cloud computing. But old-school companies like IBM and HP — companies threatened by this new way of doing things — urged businesses to duplicate cloud computing services like Amazon EC2 and Google Compute Engine inside private data centers, arguing that this provided greater security and privacy. You could still have cloud computing, the old guard said, without the public internet.

Amazon, in particular, scoffed at this notion of the “private cloud.” Behind such voices as Andy Jassy, the head of the company’s Amazon Web Services business, and AWS chief technology officer Werner Vogels, the web giant made a point of telling the world a private cloud was not a cloud — that a cloud, by definition, was delivered to everyone, across the public internet.

Yes, some of this was just semantics, an effort to grab hold of a marketing term — cloud — that has become vitally important in the computing world. But underneath the bluster, Amazon and IBM truly held contrasting views. IBM was willing to build you a service inside your own data center. Amazon was not.

Until now.

Amazon declined to discuss its contract with the CIA. But in typically fashion, it did provide a canned statement, arguing that the CIA contract does not represent that big of change for the company. Amazon already offers cloud services, known as GovCloud and FinQloud, designed specifically for government agencies and financial institutions. “We can tell you that GovCloud and FinQloud are examples of ‘community clouds’ where we are delivering members-only implementations of AWS to groups of organizations who share specific requirements,” the statement reads.

But GovCloud and FinQloud reside inside Amazon data centers. The CIA deal is something different. The GAO makes it clear that building cloud services inside CIA data centers is part of the pact, and a source familiar with Amazon’s thinking confirms this represents a significant change in strategy for the web giant.

Amazon has been hugely successful offering its public cloud services to developers and startups — by one estimate, AWS now runs as much as one percent of the internet — but it’s now looking for ways to expand its cloud business into much larger operations, the so-called “enterprise” and government agencies such as the CIA. The company already has told us it is building a network of partners that will help it sell services into traditional enterprises, and now, it has crossed another line, agreeing to embrace what was once a dirty term at the Seattle company: “the private cloud.”

The truth of the matter is that many enterprises and government agencies still question the privacy and security of public cloud services. “This level of control is very important in regulated industries: financial services and healthcare,” says Michael R. Overly, a lawyer with the international firm Foley & Lardner LLP. And it appears that Amazon is now willing to accommodate these concerns.

To be sure, a government intelligence agency such as the CIA is an extreme case, but rumors have long indicated that Amazon is building similar private services for others, including large companies, and with the recent revelations that the NSA, another intelligence agency, is now lifting data from public web services, concerns over security and privacy online may only increase.

Some might accuse Amazon of hypocrisy. As recently as December, when we visited AWS headquarters in Seattle, AWS head Andy Jassy reiterated that the company was opposed to the so-called private cloud — that the public cloud was vastly superior in every way. But with its CIA deal, Amazon is simply following the money. According to FCW, the CIA contract is worth $600 million to Amazon over the next ten years. And ultimately, that’s worth a little egg on the face.